Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 20 Apr 2015 15:27:02 UTC
Severity: normal
Tags: fixed-upstream, jessie, patch, security, sid, squeeze, stretch, upstream, wheezy
Found in versions libxml2/2.9.2+dfsg1-3, libxml2/2.7.8.dfsg-1
Fixed in versions libxml2/2.7.8.dfsg-2+squeeze12, libxml2/2.9.2+really2.9.1+dfsg1-0.1, libxml2/2.9.2+zdfsg1-4, libxml2/2.9.1+dfsg1-5+deb8u1, libxml2/2.8.0+dfsg1-7+wheezy5
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://bugzilla.gnome.org/show_bug.cgi?id=744980
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
:
Bug#783010
; Package src:libxml2
.
(Mon, 20 Apr 2015 15:27:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
.
(Mon, 20 Apr 2015 15:27:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libxml2 Version: 2.9.2+dfsg1-3 Severity: normal Tags: security upstream fixed-upstream Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=744980 Hi Michal Zalewski an out-of-bound reads issue in libxml2, see http://www.openwall.com/lists/oss-security/2015/04/19/5 for the CVE request (none assigned yet). Upstream bugreport: https://bugzilla.gnome.org/show_bug.cgi?id=744980 Please adjust the affected versions as needed in the BTS, just looked at libxml2 in unstable. Regards, Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
:
Bug#783010
; Package src:libxml2
.
(Thu, 04 Jun 2015 09:45:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
.
(Thu, 04 Jun 2015 09:45:09 GMT) (full text, mbox, link).
Message #10 received at 783010@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags -1 patch Dear package maintainers, dear LTS team, dear Daniel Veillard (libxml2 upstream maintainer), attached is a .debdiff for fixing CVE-related issues #782782 [0a], #782985 [0b] and #783010 [0c] in Debian squeeze-lts. The src:package format is 1.0, so changes have been applied on top of the previous source code tree version. However, I shipped the individual patches for better review in debian/patches (with applying them at build-time). As the backporting/rebasing of the upstream commit for fixing #782782 has not been so trivial, I'd highly appreciate a patch review from someone with more libxml2'ish background. Furthermore, only #782782 and #783010 have been fixed upstream already, the third issue (#782985) has been reported on upstream GNOME bugzilla [1] and also a patch has been provided there [2]. However, upstream (i.e., Daniel) hasn't taken any action on fixing that issue, so far. Thus, Cc:-ing the upstream maintainer of libxml2 (and hoping he can give some feedback on this). What are the plans for that reported bug. Any feedback you can give at this time? For the issues #782985 and #783010 the upstream bug reports provide some test cases. I could reproduce the tests failing with the 2.7.8-2+squeeze11 package version in squeeze-lts and reproduce the tests passing with my proposal for 2.7.8-2+squeeze12. However, for #782782 I do not have any idea how to test that issue, or rather in what installation/usage scenarios it is possible to see the reported DoS issue coming into play. The packages have been built against squeeze-lts and uploaded to a non-Debian .deb archive [3,4] of mine. Thanks+Greets, Mike (from the Debian LTS team) [0a] http://bugs.debian.org/782782 [0b] http://bugs.debian.org/782985 [0c] http://bugs.debian.org/783010 [1] https://bugzilla.gnome.org/show_bug.cgi?id=746048 [2] https://bugzilla.gnome.org/attachment.cgi?id=299127&action=diff [3] http://packages.it-zukunft-schule.de/debian/pool/main/libx/libxml2/ [4] deb http://packages.it-zukunft-schule.de/debian squeeze main -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[libxml2_2.7.8.dfsg-2+squeeze11_2.7.8.dfsg-2+squeeze12.debdiff (text/plain, attachment)]
[Message part 3 (application/pgp-signature, inline)]
Added tag(s) patch.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 783010-submit@bugs.debian.org
.
(Thu, 04 Jun 2015 09:45:09 GMT) (full text, mbox, link).
Reply sent
to Mike Gabriel <sunweaver@debian.org>
:
You have taken responsibility.
(Tue, 30 Jun 2015 19:36:20 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Tue, 30 Jun 2015 19:36:20 GMT) (full text, mbox, link).
Message #17 received at 783010-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2 Source-Version: 2.7.8.dfsg-2+squeeze12 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 783010@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mike Gabriel <sunweaver@debian.org> (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 29 May 2015 13:37:58 +0200 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.7.8.dfsg-2+squeeze12 Distribution: squeeze-lts Urgency: medium Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 782782 782985 783010 Changes: libxml2 (2.7.8.dfsg-2+squeeze12) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS team. * debian/patches: + Fix CVE-2015-1819: Enforce the reader to run in constant memory. (Closes: #782782). + Fix out-of-bounds memory access when parsing an unclosed HTML comment. (Closes: #782985). + Fix out-of-bound memory access during read operations. (Closes: #783010). * debian/rules: + Disable updating of config.sub and config.guess during override_dh_auto_clean to avoid .debdiff pollution. Checksums-Sha1: cad07b9ed1d82af6e9c5a4a850f770979d75b4f9 2426 libxml2_2.7.8.dfsg-2+squeeze12.dsc 32dae94c8586d2d2b541a3d559119005a85931ad 129695 libxml2_2.7.8.dfsg-2+squeeze12.diff.gz f35c5c06b9308b92b10ce9b4e1f8a273e8033d77 875920 libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb d3e0281f9b1d5b48a02c3cd13459fda1376dbf8e 94448 libxml2-utils_2.7.8.dfsg-2+squeeze12_amd64.deb 2a8489136144332e365754f359fcf6f81836f702 832468 libxml2-dev_2.7.8.dfsg-2+squeeze12_amd64.deb d1c7f883bf8db616987fa4e16937730a0ad62107 991698 libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb 90a09f4461f687316afa3794b58fe6becb1fbfb8 1378304 libxml2-doc_2.7.8.dfsg-2+squeeze12_all.deb 752cf8de68974634e485278bd66b47c094f6ee83 341358 python-libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb 62a56ed5540c0d7afe84a00a1e22d7d41777fe6f 873454 python-libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb Checksums-Sha256: caed369c39b9f938487dd9ad9a882885b88197f75038da3a203807f07f8d2b73 2426 libxml2_2.7.8.dfsg-2+squeeze12.dsc 1b200e219a9c5c99d9206403a8ed7c2b9a1c7071e5d007e1efd7ebc3bfaf4888 129695 libxml2_2.7.8.dfsg-2+squeeze12.diff.gz f6fb97455ce972248eaaedc219cf2860736709d0fb386ffb4ce40d000fe724f8 875920 libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb f252922bb86e0fcac3bd2081929b0f4b4f35b3f45ce2822e5af81ead3f797b73 94448 libxml2-utils_2.7.8.dfsg-2+squeeze12_amd64.deb 2ee8beca3f509ef235dbd618d546e4d646576b18205425e7763a187a8c052f6f 832468 libxml2-dev_2.7.8.dfsg-2+squeeze12_amd64.deb c69727af30bdca658bccf1bb56e97d7cb89b7f125912dbec149cac1cde2a7f0c 991698 libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb eabcc505adb9414a2d59bb8f5216ab64911e25a8411a99adb7b78f0d19155f44 1378304 libxml2-doc_2.7.8.dfsg-2+squeeze12_all.deb 8f39e1b49f7a8ccbac349c9df51c8863d34ec1d92e1f781deb5fb74722b56df1 341358 python-libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb b823a6133e23e80e36e2258d1f40691264ab6543545c230ea8c0e4436157ed31 873454 python-libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb Files: 1fea8792ff13982cb91d1d2e980df6eb 2426 libs optional libxml2_2.7.8.dfsg-2+squeeze12.dsc a30d6731f2d386fa732c37adc9df39f3 129695 libs optional libxml2_2.7.8.dfsg-2+squeeze12.diff.gz 049693d2d1463d4c1d54705526d772f2 875920 libs standard libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb 4471805189f4968271ab6d8c38655242 94448 text optional libxml2-utils_2.7.8.dfsg-2+squeeze12_amd64.deb b8a915afb3c42bc27dc86c29806ba730 832468 libdevel optional libxml2-dev_2.7.8.dfsg-2+squeeze12_amd64.deb a5b563f663875996422b552ade779647 991698 debug extra libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb 148d69ed482b8104a2bc106cd87fa3e2 1378304 doc optional libxml2-doc_2.7.8.dfsg-2+squeeze12_all.deb 2953603d24f56a3f700f1042c37d4de2 341358 python optional python-libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb 43f08b8aa94017c105b336abb737dd66 873454 debug extra python-libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVkuqRAAoJEJr0azAldxsx/sYP/RfomfpVAfBJuJzqYlsJflYX HfTJfFcvQQ1BD49eYJAjk3WUBUfYm3cKiRCJppMl8TOI1VolXHUr0LOF1Hf32Acf kJys9mDIBO6fKEZ4fNqZYAqcgkiott5MRXsQEm6HO4JTNdNVcdymTp8kPnZYaNEQ UA1Zg3smzjpeANgrBCca292svoEtz+gOHm3ZvD/dUUkXROiMIaHf42NKDyqVvE1F c85Nu+WGiulrwRVXXD/Toai1qoLV0AEvWCHHMUWXbTEyoS4DBbkVqxWIEVZURiKX rtT5RnkTcUmLLrIWUB/khCgltEno3ARpi1TTbMquc6i+/12Oh6C17e0HKNJSblVu X3Owmrb23OledtAj1Lhu5Uu3ofOgOVKEHkZrGC7A418Qcw8x0GZw1d4b9VilK+cG YXr+Y+b9NrEZ714TpmZPuu5W3tGVxyF5Xg5q8vYjYAwJEXOqKexu4UllSzqwUPcr 0UF7lAyJJoCXFlSvORCSaxlXiP4uykXIrNOYZLgc30xuEYWaxDVF9oaK1kj+Ae0F n/tXZlCXxYAjIXjRjWd06Ulz6JLVN9MkFyFO6ZMxixmgjJbQ9hBSliNgw13Eg9Hh rQVyDk0TRubYqMtZ9FLRhbYFTQcq/s5lIlXipn4A0R+ZL+rlERiGVcFxdWTl6/EP u73vr5wy+i7ly5vCIxcc =H7GX -----END PGP SIGNATURE-----
Marked as found in versions libxml2/2.7.8.dfsg-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 30 Jun 2015 19:42:06 GMT) (full text, mbox, link).
Added tag(s) jessie, squeeze, stretch, sid, and wheezy.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 30 Jun 2015 19:42:07 GMT) (full text, mbox, link).
Reply sent
to Raphaël Hertzog <hertzog@debian.org>
:
You have taken responsibility.
(Tue, 25 Aug 2015 22:24:22 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Tue, 25 Aug 2015 22:24:22 GMT) (full text, mbox, link).
Message #26 received at 783010-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2 Source-Version: 2.9.2+really2.9.1+dfsg1-0.1 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 783010@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Raphaël Hertzog <hertzog@debian.org> (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 25 Aug 2015 22:31:29 +0200 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.9.2+really2.9.1+dfsg1-0.1 Distribution: unstable Urgency: medium Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Raphaël Hertzog <hertzog@debian.org> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 766884 782782 782985 783010 Changes: libxml2 (2.9.2+really2.9.1+dfsg1-0.1) unstable; urgency=medium . * Non-maintainer upload. * Go back to 2.9.1+dfsg1 upstream sources so that xmllint works again. Closes: #766884 * Restore all patches available in 2.9.1+dfsg1-5 in stretch, ensuring CVE-2014-3660 is fixed too. * Fix 3 security issues by adding 4 patches: - CVE-2015-1819: The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Closes: #782782 - Out-of-bounds access when parsing unclosed HTML comment https://bugzilla.gnome.org/show_bug.cgi?id=746048 Closes: #782985 - Out-of-bounds memory access https://bugzilla.gnome.org/show_bug.cgi?id=744980 Closes: #783010 * Add dh-python to Build-Depends for dh_python2 Checksums-Sha1: a64ba3b2d1e0a8d751d04b17027e3a52bafdb203 2375 libxml2_2.9.2+really2.9.1+dfsg1-0.1.dsc 357366e7afc9dd03ba883c605d5c369decb2b2e1 3793894 libxml2_2.9.2+really2.9.1+dfsg1.orig.tar.gz ee0b0aa9016e5b4fb2540c9e313da13cfadbc59d 44304 libxml2_2.9.2+really2.9.1+dfsg1-0.1.debian.tar.xz 0ce53f22f8b37fa2c53bfa990539e68175b6defe 1725594 libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb d90a5a909dda1a468ee8dabd0ce461371f247a84 798456 libxml2-dev_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb c6adce6ac2fa03d28082fb4fe1bc95cb4ead923b 815636 libxml2-doc_2.9.2+really2.9.1+dfsg1-0.1_all.deb c12af54d0d1b232abdcad95745e7052a20650335 127552 libxml2-utils-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 00743fc3caace4842c0683bea31c96b3fba04c59 91636 libxml2-utils_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 7e53f7bcaf88c22e7f92936602c2409ae7534b0e 905174 libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 08e6b589b120b30255681eb6f6b44d74369eda42 318072 python-libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 43c7c886b53082a5d8233274c001746f586bf049 193666 python-libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb Checksums-Sha256: d7292bed69d13a0d5255f90c3d021adc895c8cabf73b68972953804634417ac8 2375 libxml2_2.9.2+really2.9.1+dfsg1-0.1.dsc f3ec5256412192f74833286c4490672500b232ed1c9195214db2c641df064a28 3793894 libxml2_2.9.2+really2.9.1+dfsg1.orig.tar.gz 14a2e268ecb2dd0b96dd1c468dca377936e5eb64194124541207e2d532917be8 44304 libxml2_2.9.2+really2.9.1+dfsg1-0.1.debian.tar.xz 12de68dd50482b29539276d74ab6e355179f99c19da2d74f32174c154b407eca 1725594 libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb fb5dd38969173e2de4a18b5e7d0d8a59185cb582a368211c192def3c89b4fdd4 798456 libxml2-dev_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 313cce10929ba1c823b9ebcf0dbcac2e1ce2a5c0755d154793d6376114796755 815636 libxml2-doc_2.9.2+really2.9.1+dfsg1-0.1_all.deb 54b67e8a3050804a7f625b2487c21eea7d928de5b92025d1ee9b3c9fedf15c09 127552 libxml2-utils-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb c402f79d5aeab057c5f72a21bd88ecdb732fec042a609266b9f47aa65b325bdb 91636 libxml2-utils_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb fb431837452da447c45721ccc75ab0b8af60a48611ff397b45728fec0d8f1e2d 905174 libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb a361ef7131b20905f5703a3cccad6bba6068d07f28c281feb5fb13b2ca88e135 318072 python-libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 838d0f9adf177764c266d6db710d7b21b3bfcd863baf90aee3a56605696d9f01 193666 python-libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb Files: 097704147dde7181ce315a40c3b416b6 2375 libs optional libxml2_2.9.2+really2.9.1+dfsg1-0.1.dsc 5f111980c06f927a62492b7b9781b7bf 3793894 libs optional libxml2_2.9.2+really2.9.1+dfsg1.orig.tar.gz 7a3231b2c0affc5e76d5f884bd87536d 44304 libs optional libxml2_2.9.2+really2.9.1+dfsg1-0.1.debian.tar.xz dfb85eee2f090b9f573cf36a3ac20fd9 1725594 debug extra libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb aacbf1b74b93cfa3d37884741e60b188 798456 libdevel optional libxml2-dev_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb ceda9e2246a1a9d7ef54602e67810744 815636 doc optional libxml2-doc_2.9.2+really2.9.1+dfsg1-0.1_all.deb dd72e2d3c8cc6824595a4eb5cd9ebe0f 127552 debug extra libxml2-utils-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 9838a3fc4f02987e0962e65f33916b9a 91636 text optional libxml2-utils_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb fde05b4d198e3e0ce9f94c89bae3aebc 905174 libs standard libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 95d9f1fa91bb02b8b4b6f87e36bee240 318072 debug extra python-libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 61b55f83b6474fdff1daa4c8529ad1c1 193666 python optional python-libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Signed by Raphael Hertzog iQEcBAEBCAAGBQJV3OH0AAoJEAOIHavrwpq5aWIH/j+JC3AOVzgDLkoSqB8n/0YV F5gJiPSxBviKqty8K35V463AVzpL8K6elD8BmoCkMuL7VfRO69jkacP+VPc83518 kjxneOnZTCUGdJj7KdyWxosHbJ3msS36khu1R6q37wh0JpV6xWdZ4kZ7Uk2SeUPR UFdqpH8mf17gVAUuXP076YHLjkU9YQmPCuD1m98u6LxfB3Synxaz+UH9E3JVtBov HR4XihaYY/4cBzZx/5a/I5YlWpwvtlReeowf3PZpy2raS/633lHiv93ZQJegf8Ne +JjtiyF5sjRjn6ld8s2iZLW23/msVpSIJdUmhfKwFnHid1qigMbkuHagnOuw+zM= =L1K0 -----END PGP SIGNATURE-----
Reply sent
to Aron Xu <aron@debian.org>
:
You have taken responsibility.
(Tue, 22 Sep 2015 09:24:26 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Tue, 22 Sep 2015 09:24:26 GMT) (full text, mbox, link).
Message #31 received at 783010-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2 Source-Version: 2.9.2+zdfsg1-4 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 783010@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aron Xu <aron@debian.org> (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 22 Sep 2015 16:31:48 +0800 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.9.2+zdfsg1-4 Distribution: unstable Urgency: medium Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Aron Xu <aron@debian.org> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 754424 766884 768089 781232 782782 783010 798642 Changes: libxml2 (2.9.2+zdfsg1-4) unstable; urgency=medium . * Revert everything in N'ACKed NMU revert to 2.9.1. - Resolving regression, Closes: #754424 - Drop the following NMU, not needed in 2.9.2, Closes: #781232 - Drop not approved patch for GNOME #746048 * Revert icu dbg drop, but don't hardcode version, thanks Matthias Klose <doko>, Closes: #798642 * Cherry pick upstream post release patches: - Fix for regression triggered by CVE-2014-3660, Closes: #768089 - Fix for the spurious ID already defined error, Closes: #766884 - Fix for CVE-2015-1819, Closes: #782782 - Fix for GNOME #744980, Closes: #783010 - Several fixes for memory related issues. Checksums-Sha1: fef5b2b802b43aba45213e3fb3224c6d2f124f1f 2236 libxml2_2.9.2+zdfsg1-4.dsc 6dc1815cd83ecda87988d7528fc918f2aca91cfc 2473592 libxml2_2.9.2+zdfsg1.orig.tar.xz 59f7236eee66d9975ca16f736021d3541e2e08c6 28912 libxml2_2.9.2+zdfsg1-4.debian.tar.xz ec2365bda47ee6a263dd4b1fe174e76cc2effeea 1725030 libxml2-dbg_2.9.2+zdfsg1-4_amd64.deb 3e74587a1a7e3b0deaa9a3d781b533da84f01ffd 803722 libxml2-dev_2.9.2+zdfsg1-4_amd64.deb efbeaa35c8fa8ef27d9021785ee648132ded5f13 822922 libxml2-doc_2.9.2+zdfsg1-4_all.deb 387ac35b99ac530865d2a1ac3270adc081fc00c8 137928 libxml2-utils-dbg_2.9.2+zdfsg1-4_amd64.deb 70d5e126077feb769c5f9cd2a38956b4698682a7 102052 libxml2-utils_2.9.2+zdfsg1-4_amd64.deb a6e6f93309f7deda98c7252c0bf28acc4aef1819 911438 libxml2_2.9.2+zdfsg1-4_amd64.deb 9223993950cd7db266a10cd7eda8d58b8f6ebad0 328734 python-libxml2-dbg_2.9.2+zdfsg1-4_amd64.deb 3d1b51b2852e0088581ceeeefdd0c8019522fac9 204182 python-libxml2_2.9.2+zdfsg1-4_amd64.deb Checksums-Sha256: bb83c329d94dff4d0f17f62dac8a0a51b70afb74ac8a028bfb77a9d3dec73aa3 2236 libxml2_2.9.2+zdfsg1-4.dsc 0e2ba8bcdb181343f78acfacd342f211f70894b904747367c52011ab9a096776 2473592 libxml2_2.9.2+zdfsg1.orig.tar.xz 8c1c681c3f8d4e2846f66f98a43fcbc7ab85068d6a9c0de6b88ad59fc8e06e8d 28912 libxml2_2.9.2+zdfsg1-4.debian.tar.xz da38fb11b37a6fae09eae62733930b35056d5803da2b42f868a5e9a09908ecfe 1725030 libxml2-dbg_2.9.2+zdfsg1-4_amd64.deb fc82258a0110021a80965c177800e452bf9742bbac50e1c8f9c8c4c743160a83 803722 libxml2-dev_2.9.2+zdfsg1-4_amd64.deb b5e76aee82ac62387cef685ca0fe0abedf23acaae0c206c983f4d990224ba6bf 822922 libxml2-doc_2.9.2+zdfsg1-4_all.deb ccb0196cdaad1d787c318d4d994ae81b88dd2136ce3d63c3263014075ab9770b 137928 libxml2-utils-dbg_2.9.2+zdfsg1-4_amd64.deb 02ecf74b606d66167fba2ccfe75969a090070bbb3271edb684e47f45403c8daf 102052 libxml2-utils_2.9.2+zdfsg1-4_amd64.deb a674c7c8ec332296f7f863056479a56fc9c930a8555ed0e32c525ddd0fb93a2e 911438 libxml2_2.9.2+zdfsg1-4_amd64.deb 3184ff7cd5a97f8a4ac10baa921fa8dc0eed9bdd3f988ec2a528508a12ccba37 328734 python-libxml2-dbg_2.9.2+zdfsg1-4_amd64.deb 57c886bf510ba13f4a0260ffe0fe695ab5520afdab1c484bef0ca22fe4945f72 204182 python-libxml2_2.9.2+zdfsg1-4_amd64.deb Files: 300b64063f16c64b5d7f032a9be9b1a4 2236 libs optional libxml2_2.9.2+zdfsg1-4.dsc 459ddafff94a763976bbdccfcc6394f7 2473592 libs optional libxml2_2.9.2+zdfsg1.orig.tar.xz a5ae56b769f283b71ed92775c1f3104c 28912 libs optional libxml2_2.9.2+zdfsg1-4.debian.tar.xz 16c656567d095eae94b8c95150aba5a9 1725030 debug extra libxml2-dbg_2.9.2+zdfsg1-4_amd64.deb 77d83264daffa6b0af05b51794fadb5b 803722 libdevel optional libxml2-dev_2.9.2+zdfsg1-4_amd64.deb edf5b9ab810161675c4e8f664a9ae39e 822922 doc optional libxml2-doc_2.9.2+zdfsg1-4_all.deb 5cf0a3551a55bcba4baeacb9ca8a77a6 137928 debug extra libxml2-utils-dbg_2.9.2+zdfsg1-4_amd64.deb 93c68f78234be22aadabdcf4563da323 102052 text optional libxml2-utils_2.9.2+zdfsg1-4_amd64.deb 9f16349e9a57ec1c05541c07f5ba5e1a 911438 libs standard libxml2_2.9.2+zdfsg1-4_amd64.deb 801b58d2b542365d42b0e45e88b69bf7 328734 debug extra python-libxml2-dbg_2.9.2+zdfsg1-4_amd64.deb 8b94ce23d548357cfbc1a21e2ee4e268 204182 python optional python-libxml2_2.9.2+zdfsg1-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJWARyAAAoJEPbsVcVkKA0eNrQIAKNEig+8WtOfIOCZU8ETX3Gc wWK6w6IksvqTQl5c2RVxYspmPyz0/85zGCnpdGMb/BRvpI4cK/9D9mGBfH058Ak/ ykbf/B1fusWYzGw/i5wq27cAWuAMPo2LipPEbuvFgwo2Ziaowm8qCuAniUeq1c4x kJ+09TswBTJ5zmIfU3y+UxQLS/+iMuYfDneGbeFI4YX1r0VzvyT2pd7uBqdl2+6g zvFiNnUxElnJA/JI/aoJ608X5BIrxhUBWKfmxIzk0VeuzQKYyHu2fgw31nQiizdY kiqrJstr/DRaQzZSb2SqN6w8SW0vRYw7Qc8n6aWcXk8cYEShZV3L64UN1XV+YnI= =hQCv -----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Sun, 27 Dec 2015 17:36:14 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Sun, 27 Dec 2015 17:36:14 GMT) (full text, mbox, link).
Message #36 received at 783010-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2 Source-Version: 2.9.1+dfsg1-5+deb8u1 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 783010@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 19 Dec 2015 15:29:45 +0100 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: all source Version: 2.9.1+dfsg1-5+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 782782 782985 783010 802827 803942 806384 Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.1+dfsg1-5+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patches to address CVE-2015-7941. CVE-2015-7941: Denial of service via out-of-bounds read. (Closes: #783010) * Add 0058-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch. CVE-2015-1819: Enforce the reader to run in constant memory. (Closes: #782782) * Add patches to address CVE-2015-8317. CVE-2015-8317: Out-of-bounds heap read when parsing file with unfinished xml declaration. * Add patches to address CVE-2015-7942. CVE-2015-7942: heap-based buffer overflow in xmlParseConditionalSections(). (Closes: #802827) * Add 0063-Fix-parsing-short-unclosed-comment-uninitialized-acc.patch patch. Parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access. (Closes: #782985) * Add 0064-CVE-2015-8035-Fix-XZ-compression-support-loop.patch patch. CVE-2015-8035: DoS when parsing specially crafted XML document if XZ support is enabled. (Closes: #803942) * Add 0065-Avoid-extra-processing-of-MarkupDecl-when-EOF.patch patch. CVE-2015-8241: Buffer overread with XML parser in xmlNextChar. (Closes: #806384) * Add 0066-Avoid-processing-entities-after-encoding-conversion-.patch patch. CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl. * Add 0067-CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch patch. CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey. * Add 0068-CVE-2015-5312-Another-entity-expansion-issue.patch patch. CVE-2015-5312: CPU exhaustion when processing specially crafted XML input. * Add patches to address CVE-2015-7499. CVE-2015-7499: Heap-based buffer overflow in xmlGROW. * Add 0071-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch patch. CVE-2015-7500: Heap buffer overflow in xmlParseMisc. Checksums-Sha1: 4d69762c6f1d5f748daf80b712a18e5a94a8d947 2591 libxml2_2.9.1+dfsg1-5+deb8u1.dsc 357366e7afc9dd03ba883c605d5c369decb2b2e1 3793894 libxml2_2.9.1+dfsg1.orig.tar.gz 004a1df14622f17e21971e6830a04625e51bbebb 48620 libxml2_2.9.1+dfsg1-5+deb8u1.debian.tar.xz 98aa0e0043be46271211df7f063675b70f15f092 814120 libxml2-doc_2.9.1+dfsg1-5+deb8u1_all.deb Checksums-Sha256: edf831eba01aedd2643c3f867d9e2cab00242983f801b268019307901517ef9f 2591 libxml2_2.9.1+dfsg1-5+deb8u1.dsc f3ec5256412192f74833286c4490672500b232ed1c9195214db2c641df064a28 3793894 libxml2_2.9.1+dfsg1.orig.tar.gz 03e6e7ece4183fb8028688c0cec39b55dce60d7f67c8351c5655801d9e79c7ac 48620 libxml2_2.9.1+dfsg1-5+deb8u1.debian.tar.xz e2a1e9b873a324286ec89828b8bf0f629f3ccf482a77eeff7a7c2314e5863c53 814120 libxml2-doc_2.9.1+dfsg1-5+deb8u1_all.deb Files: 0f86c710bec848296ce3180fe830a6a9 2591 libs optional libxml2_2.9.1+dfsg1-5+deb8u1.dsc 5f111980c06f927a62492b7b9781b7bf 3793894 libs optional libxml2_2.9.1+dfsg1.orig.tar.gz 89ca676465cdde570e22ff4588abc937 48620 libs optional libxml2_2.9.1+dfsg1-5+deb8u1.debian.tar.xz f281fb339413bae63912385a43997eb1 814120 doc optional libxml2-doc_2.9.1+dfsg1-5+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWdcofAAoJEAVMuPMTQ89EALIP/RcI05QIxyi8O0ImrlDUGkBB sLLUMjidLMTTvsYXovxRB+4KSx8UWD9gqmoakNvy6j6J6tpNKdTkEBDke9DkHIQz TOaMLoOVouXo0bhc8+gUEI1D5z6OiNpHzmkzoof9CSRwoFVYJHnRFPi6z22i14NZ wgFkCS/gd2ltPVwFP+4wPEOdWs7VuZfCfxJrzQwlr5Mna5z8tlyMRq3I8FIf3Nps QMcuBMlSXq3SC0I2Ln9paZWXo8u1JMHU0Dp60tD6C8O/DLw0hD+XAiiJ+CKATRyn WJIJ7m9DEivBjoMq3eiv3KnMQkIZYDapq2SrDGSoX6Jnxyga1wgPDnvhCGCsY+r7 Wu5YxAR824RewiyZKhtDfXctzhx/pRWPvADAMG3IhqxiswPnXcfKIDe7eVexLDxl qvv6XhyApRTmMpepSA1Vve9Ey2r72ICkdLn9cL8UckY+ng6XVIODmEC+PflaBKAR PqVgixpjMhaFjmujINo7ri/iKPvQg587Zv9SwZPXtmSUkww1Wvk4uvV2V70Ukt5u hEtPRP49d+I/hvZrXgCPugwB0NnCCJHnS1vfvxx2uMEjpImYMfCVPpZ8VJ1YgvIF QGpUoDR7AVyK9//oeywUB4HyhVG+DhuCSGa4NEW7DdWH/zKEh00hi9RlqhOSwc1J 7kjdF6ts94FQ+g4AaCqF =aIbj -----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>
:
You have taken responsibility.
(Sun, 27 Dec 2015 21:51:20 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Sun, 27 Dec 2015 21:51:20 GMT) (full text, mbox, link).
Message #41 received at 783010-close@bugs.debian.org (full text, mbox, reply):
Source: libxml2 Source-Version: 2.8.0+dfsg1-7+wheezy5 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 783010@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 19 Dec 2015 15:25:28 +0100 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.8.0+dfsg1-7+wheezy5 Distribution: wheezy-security Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 782782 782985 783010 802827 803942 806384 Changes: libxml2 (2.8.0+dfsg1-7+wheezy5) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patches to address CVE-2015-7941. CVE-2015-7941: Denial of service via out-of-bounds read. (Closes: #783010) * Add CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch. CVE-2015-1819: Enforce the reader to run in constant memory. Thanks to Mike Gabriel for the patch backport. (Closes: #782782) * Add patches to address CVE-2015-8317. CVE-2015-8317: Out-of-bounds heap read when parsing file with unfinished xml declaration. * Add patches to address CVE-2015-7942. CVE-2015-7942: heap-based buffer overflow in xmlParseConditionalSections(). (Closes: #802827) * Add Fix-parsing-short-unclosed-comment-uninitialized-acc.patch patch. Parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access. (Closes: #782985) * Add CVE-2015-8035-Fix-XZ-compression-support-loop.patch patch. CVE-2015-8035: DoS when parsing specially crafted XML document if XZ support is enabled. (Closes: #803942) * Add Avoid-extra-processing-of-MarkupDecl-when-EOF.patch patch. CVE-2015-8241: Buffer overread with XML parser in xmlNextChar. (Closes: #806384) * Add Avoid-processing-entities-after-encoding-conversion-.patch patch. CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl. * Add CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch patch. CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey. * Add CVE-2015-5312-Another-entity-expansion-issue.patch patch. CVE-2015-5312: CPU exhaustion when processing specially crafted XML input. * Add patches to address CVE-2015-7499. CVE-2015-7499: Heap-based buffer overflow in xmlGROW. Add a specific parser error (XML_ERR_USER_STOP), backported from e50ba8164eee06461c73cd8abb9b46aa0be81869 upstream (commit to address CVE-2013-2877, the "Try to stop parsing as quickly as possible" was not backported). * Add CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch patch. CVE-2015-7500: Heap buffer overflow in xmlParseMisc. Checksums-Sha1: 288964c2971b07359e0d1da50497c032157c4fc6 2500 libxml2_2.8.0+dfsg1-7+wheezy5.dsc a0fcbc474df4bfaa2a1c6711615ba5a7d79a1208 52569 libxml2_2.8.0+dfsg1-7+wheezy5.debian.tar.gz f0b48ad89ecf03785bd5e0a4426e240c866debe8 906394 libxml2_2.8.0+dfsg1-7+wheezy5_amd64.deb 586bb37db8a93138431c3f82e70edb6a9ca34be0 97750 libxml2-utils_2.8.0+dfsg1-7+wheezy5_amd64.deb 9fe4a33411ce00a2f154b8c738f3c66a991f4726 128438 libxml2-utils-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb be65e2f8d70d3617162bec08930bfeb7ddd0661a 904114 libxml2-dev_2.8.0+dfsg1-7+wheezy5_amd64.deb 9eff034a330f6ea6c4b406533e66bc6590baf4af 1403666 libxml2-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb 1b4cf22fda8d5155bad1f18fa0531dc19654b780 1398210 libxml2-doc_2.8.0+dfsg1-7+wheezy5_all.deb af3bb078f593e1957c5e48642a5fa88f09a714e0 347140 python-libxml2_2.8.0+dfsg1-7+wheezy5_amd64.deb 36341f7a5caddf119711ff4c13b06e476959794a 729548 python-libxml2-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb Checksums-Sha256: 454b8a84b9c34a9ebd61c003756211fa6dcf6080f2cb415217bb339bad6fbb4f 2500 libxml2_2.8.0+dfsg1-7+wheezy5.dsc 599affacd35df3b12f2860990469d59235c4c8446051b578de0f9666126eca5b 52569 libxml2_2.8.0+dfsg1-7+wheezy5.debian.tar.gz d407b28f5397676ef7122b6196e087bf806d613ca43a68494c80e743235f30f7 906394 libxml2_2.8.0+dfsg1-7+wheezy5_amd64.deb ce33a35a137f09d1f9d77fb1fd6dce3ac4a19c3f16bee087eb3e768bf880ab3b 97750 libxml2-utils_2.8.0+dfsg1-7+wheezy5_amd64.deb c3623fa4a037571ec2b8b726bfcb06aeccfe6dee953a64ea6b8b2b93d1cd1d92 128438 libxml2-utils-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb 3cf0d5b5ea97818a470abb2ca7b9b258c445a469d937518cd2a82421a4244de3 904114 libxml2-dev_2.8.0+dfsg1-7+wheezy5_amd64.deb 3e24c0b57c5b327c6e192d94f5a5972c4f42f1552ff7730b5b1583b9ad216326 1403666 libxml2-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb ec9a9a8123261fbb49a46e3e824690f67145a5521a8bd7a2767fcc1ed3e7256c 1398210 libxml2-doc_2.8.0+dfsg1-7+wheezy5_all.deb 2a9a75641a2573b238a7ff821e88eb829552d5dd5d499e7c21b6a7be264031f4 347140 python-libxml2_2.8.0+dfsg1-7+wheezy5_amd64.deb 5a08fe8a0e138c3bf7a0e14c1ddef5f7597b256060fef505e8b81b35ccfe609a 729548 python-libxml2-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb Files: 5ca9fbed5febc8572bc0b8deb83a53aa 2500 libs optional libxml2_2.8.0+dfsg1-7+wheezy5.dsc 21a4180463465e1222033008edc782ed 52569 libs optional libxml2_2.8.0+dfsg1-7+wheezy5.debian.tar.gz 2092576dba6892701056668969758669 906394 libs standard libxml2_2.8.0+dfsg1-7+wheezy5_amd64.deb 3c7fa309df5585c539ba4c83c8e096d6 97750 text optional libxml2-utils_2.8.0+dfsg1-7+wheezy5_amd64.deb 0aadd85a7532b2ffd00b2bb80161f94e 128438 debug extra libxml2-utils-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb a86b1a8606b96128e275986140571034 904114 libdevel optional libxml2-dev_2.8.0+dfsg1-7+wheezy5_amd64.deb 30520c11a1f24c3cc36dd974dfd4b317 1403666 debug extra libxml2-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb 70c4278129396532ca6a3fe0636b952c 1398210 doc optional libxml2-doc_2.8.0+dfsg1-7+wheezy5_all.deb 54fc8284a5987313e5825bf0dc102002 347140 python optional python-libxml2_2.8.0+dfsg1-7+wheezy5_amd64.deb 0063c9820135120a8870133e3f55d44c 729548 debug extra python-libxml2-dbg_2.8.0+dfsg1-7+wheezy5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWdcXjAAoJEAVMuPMTQ89En4AP/3RogvRIvGLby1mnADH5qn8B imI71JA1BYnwFdjo1CSIRt5P5K1VAUY9hBmYObBn01Kh7+BjP5Lq+TBzNd1jaDxP XCa1UwkHjHBlMS+MMU0cipSVPr7ogAzfRrzRzEMF/wvQeikU3QVt/2o+zCnsBIW+ ibqEh48ElpBL4Z7C1oaqjVK/oETnF2KhdgOnyhu/RCTQ3RaxjvLZbLnCKP4bS0uL js1DSiK8jyvX3dRxAMyNo7qR0XgSlTWhqm5yPL3NPazLouEl14FtoMT0Wpls4O7Q qhKvqJZ5PW9tFljk+J5MdW+dfCOjWtRfqAN9UeUdez+UeLoGhl3bMOBrvlaJ/Fkq QXOkenqYYhfhJXniTYUyHlTcJhPDnTKLVi6vcAm0VR3OMtFUQ1PdbyfHH4/YbrzD eSagPMPJHhN3+WOWcgfqIlbsdQv6Qxq1X415dx8CFxNTVGQ0iBt+VqRgSTFQZ2iF ewbpKSPcWu/eOfwvQpH762UX13dxRuDI2NHDfqyRqQK3Z7Ty+d3ySSjbAK2y+rzD WPDob6ivOWc5xzkahPR/hdcNOQegQlR+CTdDZNYnh4am0EX7x3ufzlpPspGtqSm9 s5tTLka9EAjZT/zYNM+gP+GSZxc3d72+yz5N3r9MkBELjfWoXL0Oc5YnYTsorB0I WdU1WCL6XUnuvspnwmsb =3ALJ -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 03 Apr 2016 07:27:14 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.